Index Ventures, Stripe back bookkeeping service Pilot with $40M

Five years after Dropbox acquired their startup Zulip, Waseem Daher, Jeff Arnold and Jessica McKellar have gained traction for their third business together: Pilot.

Pilot helps startups and small businesses manage their back office. Chief executive officer Daher admits it may seem a little boring, but the market opportunity is undeniably huge. To tackle the market, Pilot is today announcing a $40 million Series B led by Index Ventures with participation from Stripe, the online payment processing system.

The round values Pilot, which has raised about $60 million to date, at $355 million.

“It’s a massive industry that has sucked in the past,” Daher told TechCrunch. “People want a really high-quality solution to the bookkeeping problem. The market really wants this to exist and we’ve assembled a world-class team that’s capable of knocking this out of the park.”

San Francisco-based Pilot launched in 2017, more than a decade after the three founders met in MIT’s student computing group. It’s not surprising they’ve garnered attention from venture capitalists, given that their first two companies resulted in notable acquisitions.

“Pilot has taken on a massively overlooked but strategic segment — bookkeeping,” Index’s Mark Goldberg told TechCrunch via email. “While dry on the surface, the opportunity is enormous given that an estimated $60 billion is spent on bookkeeping and accounting in the U.S. alone. It’s a service industry that can finally be automated with technology and this is the perfect team to take this on — third-time founders with a perfect combo of financial acumen and engineering.”

The trio of founders’ first project, Linux upgrade software called Ksplice, sold to Oracle in 2011. Their next business, Zulip, exited to Dropbox before it even had the chance to publicly launch.

It was actually upon building Ksplice that Daher and team realized their dire need for tech-enabled bookkeeping solutions.

“We built something internally like this as a byproduct of just running [Ksplice],” Daher explained. “When Oracle was acquiring our company, we met with their finance people and we described this system to them and they were blown away.”

It took a few years for the team to refocus their efforts on streamlining back-office processes for startups, opting to build business chat software in Zulip first.

Pilot’s software integrates with other financial services products to bring the bookkeeping process into the 21st century. Its platform, for example, works seamlessly on top of QuickBooks so customers aren’t wasting precious time updating and managing the accounting application.

“It’s better than the slow, painful process of doing it yourself and it’s better than hiring a third-party bookkeeper,” Daher said. “If you care at all about having the work be high-quality, you have to have software do it. People aren’t good at these mechanical, repetitive, formula-driven tasks.”

Currently, Pilot handles bookkeeping for more than $100 million per month in financial transactions but hopes to use the infusion of venture funding to accelerate customer adoption. The company also plans to launch a tax prep offering that they say will make the tax prep experience “easy and seamless.”

“It’s our first foray into Pilot’s larger mission, which is taking care of running your company’s entire back office so you can focus on your business,” Daher said.

As for whether the team will sell to another big acquirer, it’s unlikely.

“The opportunity for Pilot is so large and so substantive, I think it would be a mistake for this to be anything other than a large and enduring public company,” Daher said. “This is the company that we’re going to do this with.”

Mueller says use of encrypted messaging stalled some lines of inquiry

A single paragraph in the Mueller report out Thursday offers an interesting look into how the Special Counsel’s investigation came head-to-head with associates of President Trump who used encrypted and ephemeral messaging to hide their activities.

From the report:

Further, the Office learned that some of the individuals we interviewed or whose conduct we investigated — including some associated with the Trump Campaign — deleted relevant communications or communicated during the relevant period using applications that feature encryption or that do not provide for long-term retention of data or communications records. In such cases, the Office was not able to corroborate witness statements through comparison to contemporaneous communications or fully question witnesses about statements that appeared inconsistent with other known facts.

The report didn’t spell out specifics of whom or why, but clearly Mueller wasn’t happy. He was talking about encrypted messaging apps that also delete conversation histories over a period of time. Apps like Signal and WhatsApp are popular for this exact reason — you can communicate securely and wipe any trace after the fact.

Clearly, some of Trump’s associates knew better.

But where prosecutors who have faced similar setbacks with individuals using encrypted messaging apps to hide their tracks have often attacked tech companies for building the secure apps, Mueller did not. He just stated a fact and left it at that.

For years, police and law enforcement have lobbied against encryption because they say it hinders investigations. More and more, apps are using end-to-end encryption — where the data is scrambled from one device to another — so that even the tech companies can’t read their users’ messages. But just as criminals use encrypted messaging for bad, ordinary people use encrypted messaging to keep their conversations private.

According to the report, it wasn’t just those on the campaign trail. The hackers associated with the Russian government and WikiLeaks, both of which were in contact following the breaches on Hillary Clinton’s campaign and the Democratic National Committee, took efforts to “hide their communications.”

Not all of Trump’s associates have fared so well over the years.

Michael Cohen, Trump’s former personal attorney, learned the hard way that encrypted messaging apps are all good and well — unless someone has your phone. Federal agents seized Cohen’s BlackBerry, allowing prosecutors to recover streams of WhatsApp and Telegram chats with Trump’s former campaign chief Paul Manafort.

Manafort, the only person jailed as part of the Mueller investigation, also tripped up in an “opsec fail” after prosecutors obtained a warrant to access his backed-up messages stored in iCloud.

Amazon launches ad-supported music service to Echo owners

Amazon today announced the launch of a free, ad-supported music service in the U.S. that will be available to anyone who wants to play free music on their Echo speaker.

Until today, Echo owners who wanted to stream music from Amazon could either pay for an annual Prime membership for access to Prime Music, or they could pay $3.99 per month to stream from Amazon Music Unlimited (or $9.99/month to stream on non-Echo devices as well).

The new service has the same catalog as Prime Music, which today has just over two million songs. Amazon Music Unlimited, meanwhile, has 50 million songs.

The new service gives Echo owners a way to enjoy free music from Amazon on their Echo, instead of having to turn to a third-party free provider, like Spotify or Pandora. It will also offer a way to push Echo owners to upgrade to the paid subscription services Amazon offers, including its Amazon Music Unlimited service and even Prime itself.

Amazon’s plans to wade into the free streaming market and more directly compete with Spotify had been previously leaked by Bloomberg. The report noted that Amazon had been in discussions with the labels in order to obtain the licenses to stream the free music — something it agreed to pay for, regardless of how much advertising it sells.

In addition to being a differentiating and attractive feature for potential smart speaker buyers — something that could have them opt for an Echo over a Google Home device or Apple HomePod, for example — the service also offers Amazon a new way to monetize its large and growing installed base of Echo speakers.

Amazon’s ad revenue was $10.1 billion in 2018, or 4.3 percent of its total revenues, and now it’s looking for new ways to grow that number.

The news also comes on the heels of a 2018 forecast from eMarketer that had predicted Amazon’s share of the smart speaker market would decline in 2020, as competition from rivals — including Google Home, Sonos One and Apple HomePod — would heat up. But there’s still plenty of time for that to change.

The market for smart speakers hit critical mass in 2018, with around 41 percent of U.S. consumers now owning a voice-activated speaker. Amazon also said at the beginning of the year that more than 100 million Alexa-powered devices have been sold to date — but this number includes non-Echo devices, including those from third-party manufacturers.

The launch of a free music service will be a significant blow to Spotify which, before now, was the only subscription music streaming service with a free tier. The free customers often then convert to paid subscribers as they use the service over time, something that has helped Spotify grow to reach 96 million paid users and 116 million free users. Apple Music has 56 million paying subscribers, but no free funnel.

Facebook now says its password leak affected ‘millions’ of Instagram users

Facebook has confirmed its password-related security incident last month now affects “millions” of Instagram users, not “tens of thousands” of users as first thought.

The social media giant confirmed the new information in its updated blog post, first published on March 21.

“We discovered additional logs of Instagram passwords being stored in a readable format,” the company said. “We now estimate that this issue impacted millions of Instagram users. We will be notifying these users as we did the others.”

“Our investigation has determined that these stored passwords were not internally abused or improperly accessed,” the updated post said, but the company still has not said how it made that determination.

The social media giant did not say how many millions were affected, however.

Last month, Facebook admitted it had inadvertently stored “hundreds of millions” of user account passwords in plaintext for years, said to have dated as far back as 2012. The company said the unencrypted passwords were stored in logs accessible to some 2,000 engineers and developers. The data was not leaked outside of the company, however. Facebook still has not explained how the bug occurred.

Facebook posted the update at 10am ET — an hour before the Special Counsel’s report into Russian election interference was published.

We asked the company when it learned of the new scale of the password leak and will update if we hear back.

The chat feature may soon return to Facebook’s mobile app

Facebook upset millions upon millions of users five years ago when it removed chat from its core mobile app and forced them to download Messenger to communicate privately with friends. Now it looks like it might be able to restore the option inside the Facebook app.

That’s according to researcher Jane Manchun Wong, who discovered an unreleased feature that brings limited chat features back into the core social networking app. Wong’s finding suggests that, at this point, calling, photo sharing and reactions won’t be supported inside the Facebook app chat feature, but it remains to be seen if that is simply because it is currently in development.

It is unclear whether the feature will ship to users at all since this is a test. Messenger, which has over 1.3 billion monthly users, will likely stick but this change would give users other options for chatting to friends.

We’ve contacted Facebook for comment, although we’re yet to hear back from the company. We’ll update this story with any comment that the company does share.

As you’d expect, the discovery has been greeted with cheers from many users who were disgruntled when Facebook yanked chat from the app all those years ago. I can’t help but wonder, however, if there are more people today who are content with using Messenger to chat without the entire Facebook service bolted on. Given all of Facebook’s missteps over the past year or two, consumer opinion of the social network has never been lower, which raises the appeal of using it to connect with friends but without engaging its advertising or newsfeed.

Wong’s finding comes barely a month after Facebook CEO Mark Zuckerberg sketched out a plan to pivot the company’s main focus to groups and private conversation rather than its previously public forum approach. That means messaging is about to become its crucial social graph, so why not bring it back to the core Facebook app? We’ll have to wait and see, but the evidence certainly shows Facebook is weighing the merits of such a move.

Here’s the first official preview of Microsoft’s Chromium-based Edge browser

Microsoft today launched the first official version of its Edge browser with the Chromium engine for Windows 10. You can now download the first developer and canary builds here. The canary builds will get daily updates and the developer builds will see weekly updates. Over time, you’ll also be able to opt in to the beta channel and, eventually, the stable channel.

The company first announced this project last December and the news obviously created quite a stir, given that Microsoft was abandoning its own browser engine development in favor of using an open-source engine — and one that is still very much under the control of Google. With that, we’re now down to two major browser engines: Google’s Chromium and Mozilla’s Gecko.

I used the most recent builds for the last week or so. Maybe the most remarkable thing about using Microsoft’s new Chromium-based Edge browser is how unremarkable it feels. It’s a browser and it (with the exceptions of a few bugs you’d expect to see in a first release) works just like you’d expect it to. That’s a good thing, in that if you’re a Windows user, you could easily use the new Edge as your default browser and would be just fine. On the other hand — at least at this stage of the project — there’s also very little that differentiates Edge with Chromium from Google’s own Chrome browser.

That will change over time, though, with more integrations into the Windows ecosystem. For now, this is very much a first preview and meant to give web and extensions developers a platform for testing their sites and tools.

There are a few points of integration with Microsoft’s other services available already, though. Right now, when you install the Edge preview builds, you get the option to choose your new tab layout. The choices are a very simple new tab layout that only presents a search bar and a few bookmarks and a variation with a pretty picture in the background, similar to what you’d see on Bing. There is, however, also another option that highlights recent news from Microsoft News, with the option to personalize what you see on that page.

Microsoft also says that it plans to improve tab management and other UI features as it looks at how it can differentiate its browser from the rest.

In this first preview, some of the syncing features are also already in place, but there are a few holes here. So while bookmarks sync, extensions, your browsing history, settings, open tabs, addresses and passwords do not. That’ll come in some of the next builds, though.

Right now, the only search engine that’s available is Bing. That, too, will obviously change in upcoming builds.

Microsoft tells me that it prioritized getting a full end-to-end browser code base to users and setting up the engineering systems that will allow it to both push regular updates outside of the Windows update cycle and to pull in telemetry data from its users.

Most of the bugs I encountered were minor. Netflix, though, regularly gave me trouble. While all other video services I tried worked just fine, the Netflix homepage often stuttered and became unresponsive for a few seconds.

That was the exception, though. In using the new Edge as my default browser for almost a week, I rarely ran into similar issues and a lot of things ‘just work’ already. You can read PDFs in the browser, just like you’d expect. Two-factor authentication with a Yubikey to get into Gmail works without an issue. Even complex web apps run quickly and without any issues. The extensions I regularly use, including LastPass, worked seamlessly, no matter whether I installed them from the Google store or Microsoft’s library.

I also ran a few benchmarks and unsurprisingly, Edge and the latest version of Chrome tend to score virtually the same results. It’s a bit too early in the development process to really focus on benchmarks, but the results are encouraging.

With this release, we’re also getting our first official look at using extensions in the new Edge. Unsurprisingly, Microsoft will offer its own extension store, but with the flip of a switch in the settings, you’ll also be able to install and use extensions from third-party marketplaces, meaning the Chrome Web Store. Extension developers who want to add their tools to the Microsoft marketplace can basically take their existing Chrome extensions and use those.

Microsoft’s promise, of course, is that it will also bring the new Edge to Windows 7 and Windows 8, as well as the Mac. Those versions are in the works, but Microsoft says they simply aren’t quite as far along as the Windows 10 edition. For now, this first version is only available on 64-bit versions of Windows 10. This first release is also English-only, with localized versions coming soon.

While anybody can obviously download this release and give it a try, Microsoft stressed that if you’re not a tech enthusiast, it really isn’t for you. This first release is very much meant for a technical audience. In a few months, though, Microsoft will surely start launching more fully-featured beta versions and by that time, the browser will likely be ready for a wider audience. Still, though, if you want to give it a try, nobody is stopping you today, no matter your technical expertise.

Snap is channeling Asia’s messaging giants with its move into gaming

Snap is taking a leaf out of the Asian messaging app playbook as its social messaging service enters a new era.

The company unveiled a series of new strategies that are aimed at breathing fresh life into the service which has been ruthlessly cloned by Facebook across Instagram, WhatsApp, and even its primary social network. The result? Snap has consistently lost users since going public in 2017. It managed to stop the rot with a flat Q4, but resting on its laurels isn’t going to bring the good times back.

Snap has taken a three-pronged approach: extending its stories feature (and ads) into third-party apps and building out its camera play with an AR platform, but it is the launch of social games that is the most intriguing. The other moves are logical and they fall in line with existing Snap strategies, but games is an entirely new category for the company.

It isn’t hard to see where Snap found inspiration for social games — Asian messaging companies have long twinned games and chat — but the U.S. company is applying its own twist to the genre.

Slack reportedly chooses the New York Stock Exchange for its direct listing

The ubiquitous corporate messaging service Slack is following in the footsteps of Spotify’s subscription music service and heading to the New York Stock Exchange for trading through a direct listing, according to the Wall Street Journal.

Slack, which reportedly had somewhere near $900 million on hand last October when it was prepping for its initial public offering, is likely choosing the direct listing route for some of the same reasons that Spotify had when it went public.

Here are the reasons we listed for Spotify’s decision last year around this time:

List Without Selling Shares – Spotify has plenty of money with $1.3 billion in cash and securities, has no debt since it converted that into equity for investors, and has positive free cash flow

Liquidity – Investors and employees can sell on public market and sell at time of their choosing without investors shorting a lockup expiration, while new investors can join in

Equal Access – Bankers won’t get preferred access. Instead, the whole world will get access at the same time. “No underwriting syndicate, no limited float, no IPO allocations, no preferential treatment”.

Transparency – Spotify wants to show the facts about its business to everyone via today’s presentation, rather than giving more info to bankers in closed door meetings

Market-Driven Price Discovery – Rather than setting a specific price with bankers, Spotify will let the public decide what it’s worth. “We think the wisdom of crowds trumps expert intervention”.

Slack doesn’t need the money that could come from a public offering, but its longtime employees would like to see some liquidity, and so would its longtime investors.

Choosing the New York Stock Exchange likely gives the company some comfort, because unlike the Nasdaq, the NYSE has designated market makers on the floor of the exchange who can manage prices if the stock becomes really volatile in its first day of trading, according to the WSJ.

This year will be a banner year for public offerings in the U.S. and the NYSE and rival Nasdaq exchange are competing to see who can claim the most tech public offerings for the year.

Nasdaq struck an early blow with the Lyft public offering last week. But NYSE has claimed Pinterest, Uber, and Slack, which could be the biggest public offerings of the year.

Whatever the result, the public offering will be good news for investment firms like Accel, Andreessen Horowitz, Dragoneer Investments, General Atlantic, GV, Kleiner Perkins, Social Capital, Softbank Group, and Thrive Capital, which collectively invested roughly $1.2 billion into the company.

Rela, a Chinese lesbian dating app, exposed 5 million user profiles

Rela (热拉), a popular dating app for gay and queer women, has exposed millions of user profiles and private data because a server wasn’t protected with a password.

Rela disappeared from app stores in May 2017 after it was reportedly shut down by Chinese regulators, though the government never confirmed it took action. But the app returned a year later, according to its app store listing, on a different cloud provider. LGBTQ+ rights in China remain highly limited, even though homosexuality was decriminalized in 1997. Many in the community still fight discrimination and attitudes have been slow to change.

Victor Gevers, a security researcher at the GDI Foundation, told TechCrunch he found the exposed database this week. It contained more than 5.3 million app users.

It’s believed the database had been exposed since June 2018, a month after the app returned, Gevers said.

Each record included the user’s nickname, date of birth, height and weight, ethnicity, and sexual preferences and interests. Where users allowed it, records also included their precise geolocation. The database also contained over 20 million “moments,” or status updates — including private data.

“The privacy of five-plus million LGBTQ+ people face a lot of social challenges in China because there are no laws protecting them from discrimination,” said Gevers. “This data leak that has been open for years makes it even more damaging for the people involved who were exposed.”

In a brief response, a company spokesperson confirmed the database had been secured.

Gay dating apps remain big business — even for companies in China, despite the legal complexities that have seen several major apps shut down. Zank, a popular app used mostly by gay and bisexual men, was shut down in April 2017 citing the government’s rules for broadcasting pornographic content.

Yet, more established apps like Blued remain popular in the country.

A Chinese gaming giant bought a 60 percent stake in U.S.-based gay dating app Grindr in 2017 and later acquired the entire company, but Grindr is reportedly up for sale amid concerns that the company poses a risk to U.S. national security.

Hackers conquer Tesla’s in-car web browser and win a Model 3

A pair of security researchers dominated Pwn2Own, the annual high-profile hacking contest, taking home $375,000 in prizes including a Tesla Model 3 — their reward for successfully exposing a vulnerability in the electric vehicle’s infotainment system.

Tesla handed over its new Model 3 sedan to Pwn2Own this year, the first time a car has been included in the competition. Pwn2Own is in its 12th year and run by Trend Micro’s Zero Day Initiative. ZDI has awarded more than $4 million over the lifetime of the program.

The pair of hackers, Richard Zhu and Amat Cama, known as team Fluoroacetate, “thrilled the assembled crowd” as they entered the vehicle, according to ZDI, which noted that after a few minutes of setup, they successfully demonstrated their research on the Model 3 internet browser.

The pair used a JIT bug in the renderer to display their message — and won the prize, which included the car itself. In the simplest terms, a JIT, or just-in-time, bug bypasses memory randomization data that normally would keep secrets protected.

Tesla told TechCrunch it will release a software update to fix the vulnerability discovered by the hackers.

“We entered Model 3 into the world-renowned Pwn2Own competition in order to engage with the most talented members of the security research community, with the goal of soliciting this exact type of feedback. During the competition, researchers demonstrated a vulnerability against the in-car web browser,” Tesla said in an emailed statement. “There are several layers of security within our cars which worked as designed and successfully contained the demonstration to just the browser, while protecting all other vehicle functionality. In the coming days, we will release a software update that addresses this research. We understand that this demonstration took an extraordinary amount of effort and skill, and we thank these researchers for their work to help us continue to ensure our cars are the most secure on the road today.”

Pwn2Own’s spring vulnerability research competition, Pwn2Own Vancouver, was held March 20 to 22 and featured five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category.

Pwn2Own awarded a total of $545,000 for 19 unique bugs in Apple Safari, Microsoft Edge and Windows, VMware Workstation, Mozilla Firefox, and Tesla.

Tesla has had a public relationship with the hacker community since 2014 when the company launched its first bug bounty program. And it’s grown and evolved ever since.

Last year, the company increased the maximum reward payment from $10,000 to $15,000 and added its energy products as well. Today, Tesla’s vehicles and all directly hosted servers, services and applications are now in scope in its bounty program.